Use the anonymous python function to be sure the value set for
'SELINUX' in the config file is something useful. In the event that
DEFAULT_ENFORCING isn't set to one of the 3 permissible values we
set it to 'permissive'.
Signed-off-by: Philip Tricca <fl...@twobit.us>
---
recipes-security/refpolicy/refpolicy_common.inc | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/recipes-security/refpolicy/refpolicy_common.inc
b/recipes-security/refpolicy/refpolicy_common.inc
index 305675f..10e972d 100644
--- a/recipes-security/refpolicy/refpolicy_common.inc
+++ b/recipes-security/refpolicy/refpolicy_common.inc
@@ -66,6 +66,16 @@ EXTRA_OEMAKE += "tc_usrbindir=${STAGING_BINDIR_NATIVE}"
EXTRA_OEMAKE += "OUTPUT_POLICY=`${STAGING_BINDIR_NATIVE}/checkpolicy -V | cut
-d' ' -f1`"
EXTRA_OEMAKE += "CC='${BUILD_CC}' CFLAGS='${BUILD_CFLAGS}' PYTHON='${PYTHON}'"
+python __anonymous () {
+ import re
+
+ # make sure DEFAULT_ENFORCING is something sane
+ if not re.match('^(enforcing|permissive|disabled)$',
+ d.getVar('DEFAULT_ENFORCING', True),
+ flags=0):
+ d.setVar('DEFAULT_ENFORCING', 'permissive')
+}
+
do_compile() {
oe_runmake conf
oe_runmake policy
--
2.1.4
--
_______________________________________________
yocto mailing list
yocto@yoctoproject.org
https://lists.yoctoproject.org/listinfo/yocto
